
SUSE-SU-2023:2466-1

Published: 8 June 2023
Source: suse-cvrf

Description

Security update for opensc

This update for opensc fixes the following issues:

  • CVE-2023-2977: Fixed out of bounds read in pkcs15 cardos_have_verifyrc_package() (bsc#1211894).

Package list

SUSE Linux Enterprise Server 12 SP5
opensc-0.13.0-3.22.1
SUSE Linux Enterprise Server for SAP Applications 12 SP5
opensc-0.13.0-3.22.1

Description

A vulnerability was found in OpenSC. The flaw is a buffer over-read in the pkcs15 function cardos_have_verifyrc_package(). An attacker can supply a smart card package containing malformed ASN.1 content. The function scans the ASN.1 buffer for two tags, but the remaining length is calculated incorrectly because the starting pointer has already been advanced, so the scan is handed a bound that lies past the end of the data. This leads to a possible heap-based out-of-bounds read. In builds compiled with ASAN this causes a crash; in other builds an information leak or further damage is possible.
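The following is an added example, not OpenSC's code, that models the length-accounting mistake the description attributes to cardos_have_verifyrc_package(): a TLV scanner advances its pointer past a variable-size header, but then shrinks its "remaining" counter as if every header were exactly two bytes. The bound handed to the next header read is therefore larger than the bytes actually left, which is exactly the over-read described above. The tag values 0x81/0x82, the TLV reader, the sample bytes and the function names are all assumptions made for this illustration; the example instruments the bound instead of really reading past the buffer so it can be run safely.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

struct scan_result {
    int found_81;   /* saw a context-class tag 0x81 */
    int found_82;   /* saw a context-class tag 0x82 */
    int oob;        /* the scanner handed the reader a bound past the real buffer */
};

/* Reads one TLV header: 1-byte tag, then a short-form (<0x80) or long-form
 * (0x81 nn / 0x82 nn nn) length. Advances *pp past the header only.
 * Returns -1 if the header or the value would extend past `end`. */
static int read_tlv(const uint8_t **pp, const uint8_t *end,
                    unsigned *tag, size_t *vlen)
{
    const uint8_t *p = *pp;
    size_t hdr = 2, len;
    if (end - p < 2)
        return -1;
    *tag = p[0];
    len = p[1];
    if (len & 0x80) {
        size_t n = len & 0x7f, i;
        if (n == 0 || n > 2 || (size_t)(end - p) < 2 + n)
            return -1;
        for (len = 0, i = 0; i < n; i++)
            len = (len << 8) | p[2 + i];
        hdr = 2 + n;
    }
    if ((size_t)(end - p) - hdr < len)
        return -1;
    *pp = p + hdr;
    *vlen = len;
    return 0;
}

/* Shared scan loop. `fixed` selects how the remaining length is updated.
 * The bound passed to read_tlv is what the real code would trust; here it is
 * clamped to the true end of the buffer and the over-read is recorded in
 * r.oob instead of actually touching memory past the buffer. */
static struct scan_result scan(const uint8_t *buf, size_t buflen, int fixed)
{
    struct scan_result r = {0, 0, 0};
    const uint8_t *p = buf, *real_end = buf + buflen;
    size_t remaining = buflen;

    while (remaining != 0) {
        const uint8_t *start = p, *bound = p + remaining;
        unsigned tag;
        size_t vlen;
        if (bound > real_end) {          /* instrumentation only */
            r.oob = 1;
            bound = real_end;
        }
        if (read_tlv(&p, bound, &tag, &vlen) != 0)
            break;
        if (tag == 0x81) r.found_81 = 1;
        if (tag == 0x82) r.found_82 = 1;
        p += vlen;
        if (fixed)
            remaining -= (size_t)(p - start);  /* header + value actually consumed */
        else
            remaining -= vlen + 2;             /* BUG: assumes a 2-byte header */
    }
    return r;
}

struct scan_result scan_vulnerable(const uint8_t *buf, size_t n) { return scan(buf, n, 0); }
struct scan_result scan_fixed(const uint8_t *buf, size_t n)      { return scan(buf, n, 1); }

/* Constructed samples (not captured from any real card). The first element of
 * sample_longform uses a 3-byte header, which is what trips the bug. */
const uint8_t sample_longform[]  = { 0x81, 0x81, 0x02, 0xAA, 0xBB, 0x82, 0x01, 0xCC };
const uint8_t sample_shortform[] = { 0x81, 0x01, 0xAA, 0x82, 0x01, 0xBB };

int main(void)
{
    struct scan_result v = scan_vulnerable(sample_longform, sizeof sample_longform);
    struct scan_result f = scan_fixed(sample_longform, sizeof sample_longform);
    printf("vulnerable: oob=%d  fixed: oob=%d found81=%d found82=%d\n",
           v.oob, f.oob, f.found_81, f.found_82);
    return 0;
}
```

With only short-form headers both variants behave identically, which is why such a bug survives normal testing; a single long-form length in attacker-controlled card data is enough to push the vulnerable variant's bound one or more bytes past the buffer on the next read.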



References